diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter….
CVE Identifier: CVE-2008-0932
Vulnerability Type(s):
Severity: High
Posts Tagged ‘debian_linux’
Debian Linux 8 and prior [High]
By Security Team • Feb 25th, 2008 • Category: Security NotificationsDebian Linux 4.0 and prior [High]
By Security Team • Feb 22nd, 2008 • Category: Security Notificationsmisc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges….
CVE Identifier: CVE-2008-0162
Vulnerability Type(s):
Severity: High
Debian Linux 4.0 and prior [Medium]
By Security Team • Feb 18th, 2008 • Category: Security Notificationslib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book….
CVE Identifier: CVE-2008-0807
Vulnerability Type(s):
Severity: Medium
Debian Linux 4.0 and prior [High]
By Security Team • Jan 24th, 2008 • Category: Security Notificationsscponly 4.6 and earlier allows remote authenticated users to bypass intended restrictions and execute arbitrary code by invoking scp, as implemented by OpenSSH, with the -F and -o options….
CVE Identifier: CVE-2007-6415
Vulnerability Type(s):
Severity: High
Debian Linux 2008.0 and prior [Medium]
By Security Team • Jan 11th, 2008 • Category: Security NotificationsThe xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences….
CVE Identifier: CVE-2007-6284
Vulnerability Type(s):
Severity: Medium
Debian Linux [Low]
By Security Team • Dec 17th, 2007 • Category: Security NotificationsThe libdspam7-drv-mysql cron job in Debian GNU/Linux includes the MySQL dspam database password in a command line argument, which might allow local users to read the password by listing the process and its arguments….
CVE Identifier: CVE-2007-6418
Vulnerability Type(s):
Severity: Low
Debian Linux 1.1 and prior [High]
By Security Team • Dec 3rd, 2007 • Category: Security NotificationsSend ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option…
CVE Identifier: CVE-2007-6211
Vulnerability Type(s):
Severity: High
Debian Linux 2008.0 and prior [High]
By Security Team • Nov 7th, 2007 • Category: Security NotificationsBuffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression….
CVE Identifier: CVE-2007-5116
Vulnerability Type(s):
Severity: High
Debian Linux 4.0 and prior [Low]
By Security Team • Nov 5th, 2007 • Category: Security NotificationsiSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords….
CVE Identifier: CVE-2007-5827
Vulnerability Type(s):
Severity: Low
Debian Linux 22.1 and prior [Medium]
By Security Team • Nov 2nd, 2007 • Category: Security NotificationsThe hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify critical program variables via a file containing a Local variables declaration….
CVE Identifier: CVE-2007-5795
Vulnerability Type(s):
Severity: Medium
